Why Supply Chain Security Is Never "Fixed" And How to Manage the Gaps | Security Boulevard Podcast
35m
What if the secret to mastering supply chain security is accepting that it can never actually be "fixed"?
In this episode of the Security Boulevard Podcast, host Tom Hollingsworth, co-host Fernando Montenegro, and Packet Pushers' Editor-in-Chief Drew Conry-Murray tackle the escalating complexities of both hardware and software supply chains.
Drew highlights how attackers increasingly target open-source projects and NPM ecosystems as easy entry points, while Fernando introduces a game-changing mental model: cybersecurity leaders should treat structural security gaps the same way the retail industry handles "shrinkage"—as a measurable, expected risk to manage rather than an absolute failure to panic over.
Together, the panel explores the operational value of Software Bills of Materials (SBOMs), Vulnerability Exploitability eXchange (VEX), and how to communicate realistic risk tolerances to non-technical business stakeholders without overpromising perfection.
This and more on Security Boulevard Podcast, part of The Futurum Group Podcast Network.